<?php
			
	/* SVN FILE: $Id: actions.php 8 2011-03-13 08:32:38Z michele.andreoletti@gmail.com $ */
	
	/**
	 * Project Name : arcadia
	 *
	 * @author $Author: michele.andreoletti@gmail.com $
	 * @version $Revision: 8 $
	 * @lastrevision $Date: 2011-03-13 08:32:38 +0000 (Sun, 13 Mar 2011) $
	 * @filesource $URL: http://arcadia.googlecode.com/svn/trunk/sysop/actions.php $
	 */

	require_once '../include/functions.php';
	require_once '../include/const.inc.php';
	require_once '../include/auth.inc.php';
	require_once '../include/conn.inc.php';
	
	// Access gate for the whole endpoint. It is called before any request value is
	// read, and nothing below re-checks the caller's privileges.
	// NOTE(review): presumably this ends the request with a JSON error for
	// non-sysop callers - confirm it terminates (exit/die) rather than returning,
	// because every statement after it changes accounts and permissions.
	fnOnly4Sysop('','json');
	
	// Name of the running script; passed through to fnJsonOutput() in the response.
	$sScript = fnCurrentScript();
	
	// The return value is discarded, yet $sAction, $sUsername, $sType and the other
	// $s*/$i* inputs read later are not assigned anywhere in this script, so this
	// helper presumably defines them as globals from the query string.
	// NOTE(review): those values are interpolated directly into SQL further down;
	// confirm the helper escapes/validates each one. State-changing actions driven
	// by GET parameters are also exposed to cross-site request forgery unless a
	// per-session token is verified somewhere - confirm.
	fnGetValueFromGET();
	
	// Look up the target account by name and type; the result is only tested for
	// emptiness below to decide whether the account exists.
	$aRow = fnCheckUsername($sUsername, $sType);

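	// Dispatch one sysop action on a user or group account: queue the SQL for the
	// action, run it, write the audit log entry and emit the JSON response.
	//
	// NOTE(review): every $s*/$i* value used below comes from fnGetValueFromGET()
	// and is placed directly inside SQL text. Nothing in this script escapes or
	// validates those values, so the queries are only as safe as that helper.
	// Confirm it escapes each value for a quoted SQL string, or move
	// custom_mysql_query() to bound parameters.
	if (!empty($aRow) || $sAction=='create') {

		// Start from an empty queue in this scope. Without this, an unrecognised
		// action left $aQuery undefined and the foreach below raised a warning
		// that could end up inside the JSON response.
		$aQuery = array();

		// Status handed to fnJsonOutput(): 0 as on the original success path,
		// 444 as on the existing failure path at the bottom of this block.
		$iStatus = 0;

		switch ($sAction) {
			
			case "create":
				// "create" deliberately skips the existence check above.
				// NOTE(review): whether a duplicate username is rejected depends on
				// a unique key on `users` - confirm.
				// NOTE(review): PASSWORD() is MySQL's own account-hashing function; it
				// was deprecated in MySQL 5.7 and removed in 8.0, and it is unsalted.
				// Application passwords belong in password_hash()/password_verify(),
				// which also requires changing the login check outside this file.
				if ($sType == 'user') {		
					$aQuery[] = "INSERT INTO `users` (`sUsername`, `sType`, `sPassword`, `sDisplayname`, `sEmail`, `iEnabled`, `iSysop`)
									VALUES ('$sUsername', 'user', PASSWORD('$sPassword'), '$sDisplayname', '$sEmail', 1, 0)";
				} else if ($sType == 'group') {		
					$aQuery[] = "INSERT INTO `users` (`sUsername`, `sType`, `sPassword`, `sDisplayname`, `sEmail`, `iEnabled`, `iSysop`)
									VALUES ('$sUsername', 'group', '', '$sDisplayname', '', 1, 0)";
				}
				// Record the creation only when an INSERT was actually queued, so the
				// audit log never claims an account that was not created.
				if (!empty($aQuery)) {
					$sLogDescription = "NEW ".strtoupper($sType)." $sUsername";
				}
				break;
			
			case "trash":
				// Removes the account and every row that references it.
				// NOTE(review): the statements run one by one with no transaction, so
				// a failure part-way leaves orphaned rows behind.
				$aQuery[] = "DELETE FROM `users` WHERE `sUsername`='$sUsername' AND `sType`='$sType'";
				$aQuery[] = "DELETE FROM `users_access_lvl` WHERE `sUsername`='$sUsername' AND `sType`='$sType'";
				if ($sType == 'user') {	
					$aQuery[] = "DELETE FROM `users_groups_lnk` WHERE `sUser`='$sUsername'"; 
					$aQuery[] = "DELETE FROM `users_remember_me` WHERE `sUsername`='$sUsername'";	
				} else if ($sType == 'group') {	
					$aQuery[] = "DELETE FROM `users_groups_lnk` WHERE `sGroup`='$sUsername'"; 
				}
				$sLogDescription = "DELETED ".strtoupper($sType)." $sUsername";
				break;
			
			case "update":
				// $sField becomes a column name inside backticks, where escaping meant
				// for quoted string values gives no protection. Accept only a plain
				// identifier; anything else is refused and logged.
				// NOTE(review): this still allows any column of `users`, including
				// `sPassword` (which would bypass the PASSWORD() call of the
				// "password" action). An explicit list of editable columns would be
				// tighter; the intended set is not visible from this file.
				if (!isset($sField) || !is_string($sField) || !preg_match('/^[A-Za-z0-9_]+\z/', $sField)) {
					fnUpdateLog('INVALID FIELD', 0, '', 'E');
					// 444 is the only failure status this script uses.
					// NOTE(review): confirm the client treats it as a generic failure.
					$iStatus = 444;
					break;
				}
				$aQuery[] = "UPDATE `users` SET `$sField`='$sValue' WHERE `sUsername`='$sUsername' AND `sType`='$sType'";
				if ($sField == 'iSysop') {	
					// Privilege change: granting or revoking sysop rights.
					if ($sValue == 1) { $sLogDescription = "ADDED ".strtoupper($sType)." ".$sUsername." TO GROUP SYSOP"; }
					else { $sLogDescription = "REMOVED ".strtoupper($sType)." ".$sUsername." FROM GROUP SYSOP"; }
				} else if ($sField == 'iEnabled') {	
					if ($sValue == 1) { $sLogDescription = "ENABLED ".strtoupper($sType)." $sUsername"; }
					else { $sLogDescription = "DISABLED ".strtoupper($sType)." $sUsername"; }				
				} else {	 
					$sLogDescription = "EDITED ".strtoupper($sType)." $sUsername";
				}
				break;

			case "password":
				// Only user accounts carry a password; groups are ignored.
				// NOTE(review): if fnGetValueFromGET() reads the query string, as its
				// name suggests, the new password travels in the request URL, which is
				// commonly recorded in access logs and browser history.
				if ($sType == 'user') {	
					$aQuery[] = "UPDATE `users` SET `sPassword`=PASSWORD('$sValue') WHERE `sUsername`='$sUsername' AND `sType`='user'";
					$sLogDescription = "CHANGED PASSWORD FOR $sUsername";
				}
				break;
			
			case "remove":
				// Resolve which side of the membership link the target is on; $sItem
				// names the other side.
				$sUser = null;
				$sGroup = null;
				if ($sType == 'user') {
					$sUser = $sUsername;
					$sGroup = $sItem;
				} else if ($sType == 'group') {
					$sUser = $sItem;
					$sGroup = $sUsername;
				}
				// Queue nothing for an unrecognised type instead of building a
				// statement from undefined variables.
				if ($sUser !== null && $sGroup !== null) {
					$aQuery[] = "DELETE FROM `users_groups_lnk` WHERE `sUser`='$sUser' AND `sGroup`='$sGroup'";
					$sLogDescription = "REMOVED USER $sUser FROM GROUP $sGroup";
				}
				break;
			
			case "users_groups_lnk":
				// Same resolution as "remove", but the link is added.
				$sUser = null;
				$sGroup = null;
				if ($sType == 'user') {	
					$sUser = $sUsername;
					$sGroup = $sItem;
				} else if ($sType == 'group') {	
					$sUser = $sItem;
					$sGroup = $sUsername;
				}
				if ($sUser !== null && $sGroup !== null) {
					// INSERT IGNORE makes adding an existing membership a no-op.
					$aQuery[] = "INSERT IGNORE INTO `users_groups_lnk` (`sUser`, `sGroup`) VALUES ('$sUser', '$sGroup')";
					$sLogDescription = "ADDED USER $sUser TO GROUP $sGroup";
				}
				break;
				
			case "users_access_lvl":
				// Existing application-level grant for this account, if any.
				$aData = fnGetDataFromQuery(fnQueryGetAppAccessLvl($sUsername, $sType, $sApp), 'fnQueryGetAppAccessLvl()');
				if (!empty($iAccessLvl)) {
					// A non-empty level updates the existing grant or creates one.
					if (!empty($aData)) {	
						$aQuery[] = "UPDATE `users_access_lvl` SET `iAccessLvl`='$iAccessLvl' WHERE `sUsername`='$sUsername' AND `sType`='$sType' AND `sWhat`='app' AND `sApp`='$sApp' ";
					} else { 
						$aQuery[] = "INSERT INTO `users_access_lvl` (`iAccessLvl`, `sUsername`, `sType`, `sWhat`, `sApp`, `sTable`, `sViewItemLink`, `sTab`, `sField`) VALUES ('$iAccessLvl', '$sUsername', '$sType', 'app', '$sApp', '', '', '', '') ";
					}
				} else {
					// An empty level (including 0) revokes the grant when one exists.
					if (!empty($aData)) {
						$aQuery[] = "DELETE FROM `users_access_lvl` WHERE `sUsername`='$sUsername' AND `sType`='$sType' AND `sWhat`='app' AND `sApp`='$sApp'";
					}
				}
				$sHtml = fnDisplayAccessLvl($iAccessLvl, 'html');
				$sLogDescription = "CHANGED APP ACCESS_LVL FOR ".strtoupper($sType)." $sUsername";
				break;
	
		}

		// Run the queued statements in order.
		// NOTE(review): the result is never inspected, so a failed statement is
		// still logged and reported as success; check custom_mysql_query()'s
		// failure value and surface it.
		foreach ($aQuery as $sQuery) {
			$rResult = custom_mysql_query($sQuery);	
		}
		
		// Audit trail entry for the action, when one was prepared above.
		if (isset($sLogDescription) && $sLogDescription != '') {
			fnUpdateLog($sLogDescription);
		}
			
		$sOutput = fnJsonOutput($sScript, $sAction, (isset($sHtml) ? $sHtml : ''), $iStatus);
		
	} else {
	
		// Target account does not exist and the action is not "create".
		fnUpdateLog('USERNAME NOT FOUND', 0, '','E');
		$sOutput = fnJsonOutput($sScript, $sAction, '', 444);
	
	}

	echo $sOutput;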
?>